GFIRST5: The Five Pillars of Cyber Security: Threat, Vulnerability, Attack & Detection, Mitigation and Reflection. These foundations support the cyber security and incident response community by identifying the core components of incident management. Regardless of what sector you work in, these five pillars provide a framework that must be covered to secure information systems.

The Five Pillars of Cyber Security:

Threat: Collection and analysis of information regarding attacks and/or malware utilized to breach controls in information systems that would otherwise be unavailable to our constituency. Organizations need to understand the threats: who are they, what their intent is, and what capabilities they have. Understanding the threat assists in protecting systems against them and helps organizations prioritize them.

Vulnerability: Providing identification and aggregation of exploitable weaknesses in information systems from an authoritative source. Understanding the vulnerabilities being exploited by attackers is key to planning the release of information and protecting systems. Once the vulnerabilities are understood, they can be prioritized against other vulnerabilities which will assist in determining those that are most important to protect against and mitigate first (i.e. patching). Prioritization allows organizations to release high quality products with the most important, relevant information.

Attack & Detection: Actions used to identify threat activity that exists in a complex, multi-agency, multi-platform environment. Attack & Detection is better implemented once an organization understands the threat and the vulnerabilities being exploited. Once this information is understood, organizations can implement the appropriate detection mechanisms on their systems.

Mitigation: Solutions that contain or resolve risks through analysis of threat activity and vulnerability data which provide timely and accurate responses. Mitigation is the way in which organizations prevent attacks, reduce vulnerabilities and fix systems. Mitigation is sometimes difficult to implement as it is time consuming and tedious, but prioritization coupled with understanding the threats and vulnerabilities assists in forming an effective mitigation strategy.

Reflection: Maturing and developing the defense of critical information systems by compelling or influencing changes in law, regulation, policy, or procedure. Reflection allows organizations to review the threats, vulnerabilities exploited, attacks and overall system posture to implement policy and technology changes that will assist in protecting systems from similar incidents in the future.

Don’t miss your opportunity to hear the latest in cyber security trends and technology plus interact with key industry and government leaders. In an increasingly connected society, building partnerships and strengthening relationships among the incident response and security community are essential to effective response coordination and collaboration – and the 5th Annual GFIRST National Conference is the place to be this summer!

Why Should You Attend?

There are many reasons to attend the GFIRST Conference; benefits include:

- Networking with top information security professionals and government officials - Hearing expert speakers discuss the latest in cyber security news and trends as seen by government agencies, law enforcement, private sector and academia - Participating in information-sharing groups on topics such as collaboration methods and incident response practices - Continuing professional growth with industry peers and keeping abreast of the newest issues, trends, preemptive measures and case studies

Who Should Attend?

The GFIRST Conference is open to all interested in learning more about cyber security and incident response. GFIRST is a great place for public and private sector leaders serving in non-technical roles to become familiar with the fundamentals of cyber security and incident response. GFIRST is also an excellent resource for practitioners in incident response and information security from the public and private sectors to include:

GFIRST is a group of technical and tactical practitioners from incident response and security response teams responsible for securing government information technology systems and providing private sector support. GFIRST members work together to understand and handle computer security incidents and to encourage proactive and preventative security practices across government agencies. GFIRST promotes cooperation among the full range of Federal, State and local agencies, including defense, civilian, intelligence, and law enforcement.

What is US-CERT?

The United States Computer Emergency Readiness Team "US-CERT" is a partnership between the Department of Homeland Security and the public and private sectors. Established in 2003 to protect the nation's Internet infrastructure, US-CERT coordinates defense against and responses to cyber attacks across the nation. US-CERT is charged with protecting our nation's Internet infrastructure by coordinating defense against and response to cyber attacks. US-CERT is responsible for: